<?php
	/*****************************************************************
		GP Clinic - a web based Medical directory system
		Copyright (C) 2014 Kaizensynergy - Gemba360

		Author: Bless Bauson
		Key: bHkTy89wZ0DHyUiim0041rTxyBbP671aQwg327UtjfcrO
	*****************************************************************/

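	// Login form handler. Runs only for POST requests and leaves $error set to:
	//   0 - an active account matched and the session was populated,
	//   1 - username or password missing (or not submitted as a plain string),
	//   2 - no active account matched the submitted credentials.
	if($_SERVER['REQUEST_METHOD'] === "POST"){
		$error = 0;

		$username = isset($_POST['username']) ? $_POST['username'] : null;
		$password = isset($_POST['password']) ? $_POST['password'] : null;

		// A field posted as username[]=... arrives as an array; reject it here
		// instead of letting it reach md5() or the string concatenation below.
		if(!is_string($username) || !is_string($password) || empty($username) || empty($password)){
			$error = 1;
		}elseif(strpbrk($username, "'\\\0") !== false){
			// The username is concatenated into a single-quoted SQL literal below.
			// Refuse any value containing a quote, backslash or NUL byte so it cannot
			// close that literal. Reported as an ordinary failed login.
			// TODO(review): stop-gap only. The durable fix is bound parameters in the
			// User data layer, whose API is not visible from this file.
			$error = 2;
		}else{
			// NOTE(review): unsalted MD5 is not suitable for password storage. Moving to
			// password_hash()/password_verify() needs a migration of the stored hashes,
			// so the comparison is left as it was. md5() returns hex only, so $pass is
			// safe to place in the filter string.
			$pass = md5($password);

			$userObj = new User();
			$userObj->select = "user.id AS user_id, user.username, user.user_type_id, is_practicioner";
			$userObj->filter = "user.username = '".$username."'";
			$userObj->SQL_AddFilter("user.password = '".$pass."' ");
			$userObj->SQL_AddFilter("user.active = 1");
			$userObj->SQL_AddJoin("INNER JOIN", "user_type", "user.user_type_id = user_type.id", "label AS user_type_label, access_all, access_group, allow_edit, allow_edit, allow_add, allow_view, allow_delete, access_restriction");
			$userObj->SQL_AddJoin("LEFT JOIN", "user_group", "user.id = user_group.user_id", "user_group.group_id");
			$userObj->SQL_AddJoin("LEFT JOIN", "groups", "groups.id = user_group.group_id", "groups.name as group_name");
			$userObj->SQL_AddJoin("LEFT JOIN", "user_practicioner", "user_practicioner.user_id = user.id", "user_practicioner.name AS practicioner_name");
			$userObj->SQL_AddJoin("LEFT JOIN", "user_non_practicioner", "user_non_practicioner.user_id = user.id", "user_non_practicioner.name AS nonpracticioner_name");

			$user_row = $userObj->SQL_Select();

			// is_array() guards against a non-array result (count() on false/null is a
			// TypeError on PHP 8); an empty array still fails the user_id check.
			if(is_array($user_row) && !empty($user_row['user_id'])){
				// Issue a fresh session id at the privilege change so an id that was
				// known before login cannot be reused afterwards (session fixation).
				if(session_status() === PHP_SESSION_ACTIVE){
					session_regenerate_id(true);
				}
				$_SESSION['account'] = $user_row;
				$error = 0;
			}else{
				$error = 2;
			}
		}

		if(empty($error)){
			$controller->redirect(APP_ROOT."/home");
			exit;
		}
	}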
?>